CipherChecker · Compliance

Prove your post-quantum readiness — on paper.

Point it at a repo and get the two deliverables an auditor actually wants: a machine-readable CycloneDX CBOM and a report mapped to NIST IR 8547 and NSA CNSA 2.0, with deprecation deadlines and a prioritized remediation roadmap. Generated from a real scan, not a questionnaire.

Try one: · ·
↓ Report (Markdown) ↓ CBOM (CycloneDX JSON)

Cryptographic inventory

AlgorithmSeverityNIST IR 8547Deprecate / DisallowCNSA 2.0Migrate toEvidence

Framework assessment

Remediation roadmap

What's free, and what isn't

The scan and this public-repo report are free — that's the point. The paid tier is for the part you can't do yourself: your private/org repos, a signed, dated compliance artifact, and continuous monitoring so the report stays true on every push.

Free
$0
  • Public-repo scan, source + dependencies
  • Migration plan + fix-PR generator
  • This compliance report + CBOM download
  • GitHub Action (runs on your runner)
Compliance — for teams with a deadline
Early access · pricing with design partners
  • Private & org-wide repo scanning
  • Signed, timestamped compliance report (NIST IR 8547 / CNSA 2.0)
  • Continuous monitoring + alerts on new quantum-vulnerable crypto
  • CBOM export to your SBOM pipeline
  • Auto-opened remediation PRs

Get it for your private repos →

We're onboarding a small group of design partners (gov vendors, fintech, healthcare — anyone with a CNSA 2.0 / NIST IR 8547 obligation). Tell us where to reach you and we'll set you up + figure out fair pricing together.